Reuters news

Bitcoin tests 15-month highs after 10% weekend jump

LONDON (Reuters) - Bitcoin tested 15-month highs on Monday after jumping more than 10% over the weekend, with analysts ascribing the spike to growing optimism over the adoption of cryptocurrencies after Facebook unveiled its Libra digital coin. The biggest cryptocurrency hit $11,247.62 on the Bitstamp
/
Bloomberg

The Trade War Is Set to Hit Tech, but Not as Hard as Your Wallet

Over the last year, technology companies were hopeful they might remain at least somewhat shielded from an intensifying bilateral trade war. After numerous exemptions, a far-reaching tax hike is finally poised to reach tech products. If it happens, large tech companies, at least, will be
/

System Vulnerabilities Are an Issue for Everyone

Over the past decade, we have seen a drastic increase in the number of companies relying on cloud services. Given the nature of the cloud as a shared-resource environment, threats that infiltrate the system of a single provider can have a widespread impact on others that are partnered with the cloud service providers. Unfortunately, any vulnerability found in a CSP’s system is a vulnerability for the end user’s environment as well.

The more data that users have spread out in the cloud environment, the greater the attack surface is. There are always going to be vulnerabilities associated with denial of service, weak password selections, insecure application program interfaces, and agnostic vulnerabilities.

Every user on the cloud could become an entry point for intrusion, which is why it is important that all users share the responsibility of ensuring their systems are protected. Fortunately, enterprise security leaders are able to reduce the risk by maintaining an ongoing inventory of all assets and keeping the system up-to-date.

The 3 Cloud Service Models

Right now, the cloud environment is mainly composed of three service models. These models are software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS). Unfortunately, we are seeing the greatest rise in vulnerabilities in PaaS systems.

It is estimated that close to 90 percent of enterprises using IaaS will also use serverless PaaS by the year 2021. Unfortunately, 80 percent of successful attacks on serverless PaaS systems will result from immature tools and processes resulting from the use of vulnerable codes or misconfiguration.

The online environment is changing so quickly that we are now producing software at a much faster rate. The downside is that we are unable to fully test security systems to ensure all vulnerabilities are secured. Additionally, the software is becoming far more complex.

Instead of going to one cloud environment, users are able to access and authenticate services through other systems in order to push files and data into cloud applications. The concept of using these DevOps tools is being overlooked by traditional enterprise security systems more often. Typical systems are not reviewing these tools as thoroughly as they should. Instead, they are reviewing the systems and not diving deep enough into them.

What Needs to Be Done

It is imperative to look at security issues in the same manner as you would a software defect in the system. Keeping systems up-to-date and having mechanisms to inventory assets in your ecosystem are often overlooked when managing vulnerabilities.

One step toward improving security is by changing the mindset of DevOps. Change DevOps to DevSecOps, for starters, and make automated security check gates throughout the entire program. This will ensure you are thinking about security throughout the entire life cycle.

The DevSecOps team is responsible for more than just developing code. These professionals need to implement measures to ensure security. Define this team as an integral part of the organizational structure, and talk about the DevSecOps process.

Across the board, you need to make sure you have and know the checkpoints within the system. The more automated your system is, the more likely people are to follow checkpoints. Create alerts that prompt individuals to revisit and recode areas if they do not follow the checkpoints. An automated system will ensure users are unable to push information into the production environment without the checkpoints.

Next, implement DevSecOps automation and orchestration tools to help out. Having tools available will ensure team members have the ability to automate complex tasks, allowing them to review what matters most to security. Check these orchestration tools for how they access your environment such as which access keys, accounts, API tokens, and other secrets create backdoors.

Implement secret account and key rotation management systems quarterly, biannually, or annually. Block all tools in the environment and start new. The goal is to regularly refresh your environment and not allow it to become stale. Managing this regularly lowers the risk of malware in accounts.

Know the tools that are available to you. Review what your team is using, and keep a thorough inventory to ensure your tools are up-to-date. Finally, ensure you are performing routing configuration management. Baseline security hardening ensures you have a standard template to use. Routinely updating and protecting the system is a crucial part of preventing system vulnerabilities. As you continually refresh the environment, you are always pulling on baseline hardening.

By developing a DevSecOps team at your company, you can implement all these practices in order to secure your system. Without a doubt, technology is developing at the speed of light. It is important that you are proactive in ensuring your security measures are top-of-the-line and effective.

By Brad Thies

Brad Thies

Brad Thies is the founder and president of BARR Advisory, an assurance and advisory firm specializing in cybersecurity, risk management, and compliance. Brad speaks regularly at industry events such as ISACA conferences, and he is a member of AICPA’s Trust Information Integrity Task Force. Brad’s advice has been featured in Entrepreneur, Small Business CEO, and Information Security Buzz. Prior to founding BARR, Brad managed KPMG's risk consulting division. He is a CPA and CISA.

View Website
Imminent IoT Eye-Tracking Technologies To Transform The Connected World

Imminent IoT Eye-Tracking Technologies To Transform The Connected World

IoT Eye Tracking Smelling may be the first of the perceptible senses, but the eye is the fastest moving organ ...
Technology Certification Courses

AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons Earlier this week, AWS S3 had to fight its way back to life in the ...
Opportunities and Pitfalls When Hiring a Chief Data Officer

Opportunities and Pitfalls When Hiring a Chief Data Officer

The Chief Data Officer As part of their digital roadmap, organizations are increasingly taking advantage of big data and making ...
Chris

Why Containers Can’t Solve All Your Problems In The Cloud

Containers and the cloud Docker and other container services are appealing for a good reason - they are lightweight and ...
Reuters news

Bitcoin tests 15-month highs after 10% weekend jump

/
LONDON (Reuters) - Bitcoin tested 15-month highs on Monday after jumping more than 10% over the weekend, with analysts ascribing the spike to growing optimism over the adoption of cryptocurrencies ...
The Guardian

Deepfakes aren’t a tech problem. They’re a power problem

/
By framing deepfakes as a tech problem we allow Silicon Valley to evade responsibility for its symbiotic relationship with fake news In the lead-up to the 2016 election, very few ...
Verizon

Top 100: Verizon’s new structure enables strategy

/
Verizon has fit the definition of a company in motion this decade with its acquisitions of AOL and more recently in 2017 the core Internet business of Yahoo that set ...